public callSender(oFunctionList recordedData) { this.recordedData = recordedData; InitializeComponent(); if (recordedData != null) { // Set the call list count this.dataGridCalls.RowCount = recordedData.getCallCount(); // Make sure only 1 function is in the function list. if (recordedData.getCount() == 1) { // Set this function address this.address = recordedData.functions[0].address; // Set this function this.function = recordedData.functions[0]; // Initialize the arguments data grid view control this.dataGridArguments.Rows.Add(new string[] { "ecx", "0x0" }); this.dataGridArguments.Rows.Add(new string[] { "edx", "0x0" }); this.dataGridArguments.Rows.Add(new string[] { "eax", "0x0" }); for (int i = 0; i < recordedData.functions[0].getNumParams(); i++) { // Add this argument this.dataGridArguments.Rows.Add(new string[] { "ebp+0x" + (8 + i * 4).ToString("X"), "0x0" }); } // Load the initial arguments from the most recent function call if (recordedData.getCallCount() > 0) { // Set the register inputs this.dataGridArguments.Rows[0].Cells[1].Value = "0x" + recordedData.getData()[recordedData.getCallCount() - 1].ecx.ToString("X"); this.dataGridArguments.Rows[1].Cells[1].Value = "0x" + recordedData.getData()[recordedData.getCallCount() - 1].edx.ToString("X"); this.dataGridArguments.Rows[2].Cells[1].Value = "0x" + recordedData.getData()[recordedData.getCallCount() - 1].eax.ToString("X"); // Set the stack inputs for (int i = 0; i < recordedData.functions[0].getNumParams(); i++) { // Set this argument this.dataGridArguments.Rows[i + 3].Cells[1].Value = "0x" + recordedData.getData()[recordedData.getCallCount() - 1].arguments[i].ToString("X"); } } } } // Initialize the code text textCallAssembly.Text = generateCode(); }
private void updatePredictedOutput() { // Parse the input parameters int minCallCount = getCallCountMin(); int maxCallCount = getCallCountMax(); // Validate input arguments again if (minCallCount < 0 | maxCallCount < 0 && maxCallCount >= minCallCount) { return; } // Load the time range selection radial menu int timeSelection = (radioTimeRangeAll.Checked ? 1 : 0) + (radioTimeRangeClip.Checked ? 2 : 0); // Load the arg filter type selection radial menu int argFilterSelection = (radioArgAny.Checked ? 1 : 0) + (radioArg1Byte.Checked ? 2 : 0) + (radioArg2Byte.Checked ? 3 : 0) + (radioArg4Byte.Checked ? 4 : 0) + (radioArgFloat.Checked ? 5 : 0); // Load the arg string selection radial menu int argStringSelection = (radioStringAny.Checked ? 1 : 0) + (radioStringYes.Checked ? 2 : 0) + (radioStringMatch.Checked ? 3 : 0); // Load the arg binary selection radial menu int argBinarySelection = (radioBinaryAny.Checked ? 1 : 0) + (radioBinaryPartial.Checked ? 2 : 0) + (radioBinaryStart.Checked ? 3 : 0); // Load the argument count filter int argMinCount; int argMaxCount; if (!getArgRange(out argMinCount, out argMaxCount)) { return; } // Validate the input of the arg filter selection RANGE_PARSE args = null; switch (argFilterSelection) { case 2: args = new RANGE_PARSE_1BYTE(text1Byte); break; case 3: args = new RANGE_PARSE_2BYTE(text2Byte); break; case 4: args = new RANGE_PARSE_4BYTE(text4Byte); break; case 5: args = new RANGE_PARSE_FLOAT(textFloat); break; } if (args != null && !args.valid) { return; } // Create a copy of the original function list functionListOutput = functionList.Clone(); // Perform the data clipping if required if (timeSelection == 2) { // Clip the data to the selected region // Firstly replace the function list output with the selected time series output functionListOutput = playBar.getSelectedFunctionList().Clone(); // Now clip it to the selected range functionListOutput.clipCalls_timeRange(playBar.selectStart, playBar.selectEnd); } // Filter the data based on the source and destination if required if (checkAddressFunction.Checked) { // Filter based on the function address RANGE_PARSE_4BYTE range = new RANGE_PARSE_4BYTE(textAddressRangeFunction); if (range.valid) { functionListOutput.clipCalls_addressDest(range); } } if (checkAddressSource.Checked) { // Filter based on the call source address RANGE_PARSE_4BYTE range = new RANGE_PARSE_4BYTE(textAddressRangeSource); if (range.valid) { functionListOutput.clipCalls_addressSource(range); } } // Perform the argument count filtering functionListOutput.clipCalls_argumentCount(argMinCount, argMaxCount); // Perform the argument searching if (args != null) { functionListOutput.clipCalls_argument(args); } // Filter based on the string arguments switch (argStringSelection) { case 1: // Any call break; case 2: // Only calls with strings functionListOutput.clipCalls_hasStringArgument(); break; case 3: // Calls with string match functionListOutput.clipCalls_hasStringArgumentMatch(textStringMatch.Text, checkStringCaseSensitive.Checked); break; } // Filter based on the binary dereference arguments // Validate the data byte[] binaryData; if (!readByteHexString(textBinaryMatch.Text, out binaryData)) { // Invalid hex string textBinaryMatch.BackColor = Color.MediumVioletRed; } else { // Valid hex string textBinaryMatch.BackColor = Color.White; } switch (argBinarySelection) { case 1: // Any call break; case 2: // Only calls with a partial binary match functionListOutput.clipCalls_hasBinaryArgumentMatch(binaryData, false); break; case 3: // Only calls with a starts-with binary match functionListOutput.clipCalls_hasBinaryArgumentMatch(binaryData, true); break; } // Perform the call type filtering if (radioTypeInter.Checked || radioTypeIntra.Checked) { functionListOutput.clipCalls_type((radioTypeInter.Checked ? 1 : 2)); } // Perform the call count filtering and clip the resulting functions functionListOutput.clipFunctions_CallCount(minCallCount, maxCallCount); // Update the displays functionGrid.Rows.Clear(); functionGrid.RowCount = functionListOutput.getCount(); functionGrid.Invalidate(); this.Update(); labelCallsBefore.Text = string.Concat(functionList.getCallCount().ToString(), " calls before filtering."); labelCallsAfter.Text = string.Concat(functionListOutput.getCallCount().ToString(), " calls after filtering."); labelFunctionsBefore.Text = string.Concat(functionList.getCount().ToString(), " functions before filtering."); labelFunctionsAfter.Text = string.Concat(functionListOutput.getCount().ToString(), " functions after filtering."); }